LDAP for an internet project. Part 2

    Links to other parts: first, third, fourth, fifth.

    I continue the story.
    Let me remind you that in the first part we installed OpenLDAP on two servers and set up replication between them.

    2. Setting up backups, since it is not that difficult.

    For backups I use the bacula system. I will leave the installation and configuration of the server side (the Director and Storage daemons) outside this article and focus on the client configuration.
    Install the bacula-fd package.
    Edit /etc/bacula/bacula-fd.conf:

    cat > /etc/bacula/bacula-fd.conf << "EOF"
    Director {
    Name = backup.habr.ru-dir
    Password = "<password specified in the Director config>"
    }
    FileDaemon {
    Name = ldap01.habr.ru-fd
    FDport = 9102 # where we listen for the director
    WorkingDirectory = /var/lib/bacula
    Pid Directory = /var/run/bacula
    Maximum Concurrent Jobs = 20
    # if you want the daemon to listen only on the internal interface, uncomment the following line
    # FDAddress = 192.168.100.1
    }
    Messages {
    Name = Standard
    # must be the Name of the Director resource above, otherwise job messages are never delivered to it
    director = backup.habr.ru-dir = all, !skipped, !restored
    }
    EOF

    Create the necessary directories (the dump directory readable by root only):

    mkdir /root/scripts
    mkdir -m 700 /var/backups/openldap

    To unload the dump, we need the following script:

    cat > /root/scripts/ldap_backup.sh << "EOF"
    #!/bin/sh
    # the LDIF contains the userPassword hashes of every account: create it readable by root only
    umask 077
    # dumps the dc=habr,dc=ru database only; the slapd configuration itself is not part of this backup
    /usr/sbin/slapcat -b dc=habr,dc=ru > /var/backups/openldap/habr.ru.ldif
    EOF

    It is not necessary to compress the file: bacula will do this. Keep in mind that the dump contains the userPassword hashes of every account, so the directory and the file should be readable by root only.
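    A stricter version of the dump script, as an added example that is not the article's own code: it writes the LDIF to a temporary file, verifies that the dump is complete, and only then renames it into place. Bacula cancels a job when its ClientRunBeforeJob script exits non-zero, so an empty or truncated dump turns into a failed job that shows up in the Director's messages instead of a silently useless backup. The paths and the suffix follow the article; the integrity check relies on an assumption about slapcat's output format (the first entry is the suffix entry and every entry, the last one included, is terminated by an empty line). The functions are only run when the file is executed under the name the Job refers to, so they can also be sourced for testing on a machine without slapd.

```sh
#!/bin/sh
# Added example, not the article's own script: a stricter ClientRunBeforeJob
# dump for the Job defined on the Director. Paths and the suffix follow the
# article (dc=habr,dc=ru, /var/backups/openldap). The integrity check assumes
# slapcat's output format: the first entry is the suffix entry and every
# entry, the last one included, is terminated by an empty line.
# Bacula cancels the job when a RunBeforeJob script exits non-zero, so a bad
# dump becomes a failed (and visible) job instead of a silently useless one.

BACKUP_DIR="${BACKUP_DIR:-/var/backups/openldap}"
SUFFIX="${SUFFIX:-dc=habr,dc=ru}"
SLAPCAT="${SLAPCAT:-/usr/sbin/slapcat}"

umask 077   # the LDIF carries userPassword hashes: create it readable by root only

# check_ldif FILE SUFFIX: print the number of entries and return 0 if FILE looks
# like a complete dump of SUFFIX; otherwise report the problem and return 1.
check_ldif() {
    f=$1
    suffix=$2
    [ -s "$f" ] || { echo "check_ldif: $f is missing or empty" >&2; return 1; }
    first=$(sed -n '/^dn:/{p;q;}' "$f")
    [ "$first" = "dn: $suffix" ] || {
        echo "check_ldif: first entry is '$first', expected 'dn: $suffix'" >&2
        return 1
    }
    # a dump cut off mid-entry does not end with the empty line that terminates an entry
    last=$(tail -n 1 "$f")
    [ -z "$last" ] || { echo "check_ldif: $f does not end with an entry terminator (truncated?)" >&2; return 1; }
    grep -c '^dn:' "$f"
}

# dump_ldap: write the LDIF to a temporary file, verify it, then rename it into
# place, so the file bacula picks up is never half-written.
dump_ldap() {
    out="$BACKUP_DIR/habr.ru.ldif"
    tmp="$out.tmp"
    "$SLAPCAT" -b "$SUFFIX" > "$tmp" || { echo "slapcat failed" >&2; rm -f "$tmp"; return 1; }
    n=$(check_ldif "$tmp" "$SUFFIX") || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$out" || return 1
    echo "dumped $n entries to $out"
}

# Run the dump only when executed under the name the Job refers to, so the
# functions can also be sourced for testing without touching slapd.
case "$0" in
    *ldap_backup.sh) dump_ldap || exit 1 ;;
esac
```

    Installed as /root/scripts/ldap_backup.sh it is a drop-in replacement for the one-liner above; the cleanup script and the Job definition on the Director stay the same.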

    To delete it after the backup, we make another script:

    cat > /root/scripts/ldap_backup_clean.sh << "EOF"
    #!/bin/sh
    rm -f /var/backups/openldap/habr.ru.ldif
    EOF

    Restart bacula-fd:

    /etc/init.d/bacula-fd restart

    On the server backup.habr.ru, add roughly the following to the file /etc/bacula/director.conf:

    cat >> /etc/bacula/director.conf << "EOF"
    Client {
    Name = ldap01.habr.ru-fd
    Address = 192.168.100.1
    FDPort = 9102
    Catalog = MyCatalog
    Password = "<password from the first config>"
    File Retention = 30 days
    Job Retention = 6 months
    AutoPrune = yes
    }

    FileSet {
    Name = "ldap"
    Include {
    Options {
    signature = MD5
    }
    File = /var/backups/openldap/
    }
    }
    Job {
    Name = "ldap01.habr.ru-system"
    Client = ldap01.habr.ru-fd
    JobDefs = "DefaultJob"
    FileSet = "ldap"
    Write Bootstrap = "/var/lib/bacula/ldap01.habr.ru-log.bsr"
    ClientRunBeforeJob = "/root/scripts/ldap_backup.sh"
    ClientRunAfterJob = "/root/scripts/ldap_backup_clean.sh"
    }
    EOF

    Reload the bacula-dir configuration:

    /etc/init.d/bacula-dir reload

    You can check that it works through bconsole.

    3. Installing a convenient web-based administration panel: phpldapadmin.

    If the phpldapadmin package is available in your repository, install it via apt:

    apt-get install phpldapadmin

    It installs its Apache config in /etc/apache2/conf.d/phpldapadmin, and after restarting httpd the panel is available at habr.ru/phpldapadmin. I recommend moving it straight away to a separate virtual host such as ldap01.habr.ru and serving it over SSL: the admin bind password is typed into its login form, and without SSL it travels in clear text.


    Next, we will be interested in the phpldapadmin config, /etc/phpldapadmin/config.php. We change the following lines in it:

    $ldapservers->SetValue($i,'server','name','Habrahabr');
    $ldapservers->SetValue($i,'server','host','ldap01.habr.ru');
    $ldapservers->SetValue($i,'server','base',array('dc=habr,dc=ru'));

    After that you can log in to the admin panel by entering cn=admin,dc=habr,dc=ru in the Login field and the password in the corresponding field.

    Next we need to create an organizationalUnit for users and an organizationalUnit for groups. I do not create my own schema; I use two standard templates for users: posixAccount for users who must have shell access to servers and simpleSecurityObject for everyone else. To a simpleSecurityObject I usually add a description attribute in which I write the name and contact details. It is also logical to create the simpleSecurityObject users in one organizationalUnit and the posixAccount users in another.

    I create groups from the groupOfUniqueNames template and add users as uniqueMember.
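    The layout described above, as an added example that is not part of the article: small shell functions emit the LDIF for each kind of entry so that the same script can create many accounts and groups, which is handy when the web panel is not enough. The OU names (people, services, groups), the sample accounts and the password hashes are assumptions, as is the admin DN in the usage line. One point the templates hide: simpleSecurityObject and posixAccount are AUXILIARY classes in the standard OpenLDAP schema, so every entry also needs a STRUCTURAL class; here organizationalRole is used for the bind-only service accounts and inetOrgPerson for people, and groupOfUniqueNames requires at least one uniqueMember.

```sh
#!/bin/sh
# Added example, not from the article: the directory layout described in the
# text, emitted as LDIF by small shell functions. The OU names (people,
# services, groups), the sample accounts and the password hashes are
# assumptions. simpleSecurityObject and posixAccount are AUXILIARY classes in
# the standard OpenLDAP schema, so each entry also needs a STRUCTURAL class:
# organizationalRole for service accounts, inetOrgPerson for people.

BASE="${BASE:-dc=habr,dc=ru}"

# ou_ldif NAME: an organizationalUnit directly under the base
ou_ldif() {
    printf 'dn: ou=%s,%s\nobjectClass: organizationalUnit\nou: %s\n\n' "$1" "$BASE" "$1"
}

# service_ldif CN DESCRIPTION HASH: a bind-only account (no shell, no uid number);
# the description carries the owner's name and contacts, as the text suggests
service_ldif() {
    printf 'dn: cn=%s,ou=services,%s\n' "$1" "$BASE"
    printf 'objectClass: organizationalRole\nobjectClass: simpleSecurityObject\n'
    printf 'cn: %s\ndescription: %s\nuserPassword: %s\n\n' "$1" "$2" "$3"
}

# posix_ldif UID UIDNUMBER GIDNUMBER "FULL NAME" SURNAME HASH: a person with shell access
posix_ldif() {
    printf 'dn: uid=%s,ou=people,%s\n' "$1" "$BASE"
    printf 'objectClass: inetOrgPerson\nobjectClass: posixAccount\n'
    printf 'uid: %s\ncn: %s\nsn: %s\n' "$1" "$4" "$5"
    printf 'uidNumber: %s\ngidNumber: %s\nhomeDirectory: /home/%s\nloginShell: /bin/bash\n' "$2" "$3" "$1"
    printf 'userPassword: %s\n\n' "$6"
}

# group_ldif NAME MEMBER_DN...: a groupOfUniqueNames; uniqueMember is mandatory,
# so a group needs at least one member DN
group_ldif() {
    name=$1
    shift
    [ $# -ge 1 ] || { echo "group_ldif: $name needs at least one member" >&2; return 1; }
    printf 'dn: cn=%s,ou=groups,%s\nobjectClass: groupOfUniqueNames\ncn: %s\n' "$name" "$BASE" "$name"
    for m; do
        printf 'uniqueMember: %s\n' "$m"
    done
    printf '\n'
}

# layout_ldif HASH: the whole tree with one sample entry of each kind. HASH is
# the output of slappasswd (an {SSHA} value); the same hash is used for both
# sample accounts only to keep the example short.
layout_ldif() {
    hash=$1
    ou_ldif people
    ou_ldif services
    ou_ldif groups
    posix_ldif ivan 10001 10001 "Ivan Petrov" Petrov "$hash"
    service_ldif www-habr "web front-end; owner: Ivan Petrov, ivan@habr.ru" "$hash"
    group_ldif admins "uid=ivan,ou=people,$BASE"
    group_ldif web "cn=www-habr,ou=services,$BASE" "uid=ivan,ou=people,$BASE"
}

# Usage (admin DN from the article, password prompted by ldapadd):
#   layout_ldif "$(slappasswd -s 'secret')" | ldapadd -x -D cn=admin,dc=habr,dc=ru -W
```

    The OUs must exist before the entries below them, which is why layout_ldif emits them first; ldapadd stops at the first rejected entry, so a schema mistake (a missing structural class, a group without members) is reported with the offending DN.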

    We will try all of this in action in the next part of the article.
    That's all for today, thanks for reading.
